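/**
 * @brief PGD-change callback: enumerates the guest process list and, for
 *        each process, its loaded modules, then frees both.
 *
 * Calls the linux-specific introspection functions directly rather than
 * through their registered callbacks (use the osi_test plugin to exercise
 * the callback path). The static counter only tags the START/END log lines
 * so successive invocations can be told apart.
 *
 * @param env    CPU state. Must be in kernel mode: the PGD is only written
 *               by the kernel, so a user-mode call indicates a bug.
 * @param oldval Previous PGD value (not used).
 * @param newval New PGD value (not used).
 * @return 0 on success, -1 if called in user mode or if the process list
 *         could not be obtained.
 */
int vmi_pgd_changed(CPUState *env, target_ulong oldval, target_ulong newval) {
    static int vmi_pgd_changed_count = 0;
    // Initialised to NULL so that a callback that fails without touching its
    // output pointer cannot leave us dereferencing an indeterminate value.
    OsiProcs *ps = NULL;
    OsiModules *ms = NULL;
    uint32_t i;

    (void)oldval;
    (void)newval;

    if (!panda_in_kernel(env)) {
        // This shouldn't ever happen, as PGD is updated only in kernel mode.
        LOG_ERR("Can't do introspection in user mode.");
        goto error;
    }

    LOG_INFO("--- START %4d ---------------------------------------------", vmi_pgd_changed_count);

    on_get_processes(env, &ps);
    // NOTE(review): on_get_processes is presumed to leave ps NULL when the
    // task list cannot be read from guest memory -- confirm against the
    // callback's contract. Either way, never walk a NULL list.
    if (ps == NULL) {
        LOG_ERR("Process list unavailable.");
        goto error;
    }

    for (i = 0; i < ps->num; i++) {
        ms = NULL;
        on_get_libraries(env, &ps->proc[i], &ms);
        // Same reasoning as for ps: only free a module list we actually got.
        if (ms != NULL) {
            on_free_osimodules(ms);
        }
    }
    on_free_osiprocs(ps);

    LOG_INFO("--- END %4d ---------------------------------------------", vmi_pgd_changed_count);
    vmi_pgd_changed_count++;
    return 0;

error:
    return -1;
}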
// get current process before each bb execs // which will probably help us actually know the current process int osi_foo(CPUState *env, TranslationBlock *tb) { if (panda_in_kernel(env)) { OsiProc *p = get_current_process(env); //some sanity checks on what we think the current process is // this means we didnt find current task if (p->offset == 0) return 0; // or the name if (p->name == 0) return 0; // this is just not ok if (((int) p->pid) == -1) return 0; uint32_t n = strnlen(p->name, 32); // name is one char? if (n<2) return 0; uint32_t np = 0; for (uint32_t i=0; i<n; i++) { np += (isprint(p->name[i]) != 0); } // name doesnt consist of solely printable characters // printf ("np=%d n=%d\n", np, n); if (np != n) return 0; target_ulong asid = panda_current_asid(env); if (running_procs.count(asid) == 0) { printf ("adding asid=0x%x to running procs. cmd=[%s] task=0x%x\n", (unsigned int) asid, p->name, (unsigned int) p->offset); } running_procs[asid] = *p; } return 0; }
// get current process before each bb executes // which will probably help us actually know the current process int osi_foo(CPUState *cpu, TranslationBlock *tb) { if (panda_in_kernel(cpu)) { OsiProc *p = get_current_process(cpu); //some sanity checks on what we think the current process is // this means we didnt find current task if (p->offset == 0) return 0; // or the name if (p->name == 0) return 0; // weird -- this is just not ok if (((int) p->pid) == -1) return 0; uint32_t n = strnlen(p->name, 32); // yuck -- name is one char if (n<2) return 0; uint32_t np = 0; for (uint32_t i=0; i<n; i++) { np += (isprint(p->name[i]) != 0); } // yuck -- name doesnt consist of solely printable characters if (np != n) return 0; target_ulong asid = panda_current_asid(cpu); if (running_procs.count(asid) == 0) { if (debug) printf ("adding asid=0x%x to running procs. cmd=[%s] task=0x%x\n", (unsigned int) asid, p->name, (unsigned int) p->offset); } if (running_procs.count(asid) != 0) { /* OsiProc *p2 = running_procs[asid]; // something there already if (p2) free_osiproc(p2); */ } running_procs[asid] = *p; } return 0; }